Securing Iparams credentails and accessing using template syntax (<%= iparam.name %>)

Amaresh_S_M · November 10, 2021, 11:43am

I am trying to call an API. The API contains credentials (password) in the URL so I tried to secure that password using the template syntax. Having credentials in the URL is not the best practice since we are trying to integrate one of the customer’s systems we have no other option.

This is how I tried:

client.request.get("https://domain.com/user/<%= iparam.password%>").then(
 (data) => { console.log(data); }, 
(err)=>{ console.log(err);  });

I am using the default installation parameter page, In the iparams.json config file, I have set secure attribute to true.

 "password": {
    "display_name": "Enter password",
    "description": "Please enter the password",
    "type": "text",
    "secure":true
    "required": true
  }

When I run the app request API call fails. When I debugged the issue, I found that the password was not substituted (<%= iparam.password%>) in the URL.

Am I missing anything? Can we access secured iparams fields in the URL? Is this supported?

Mughela_Chandresh · November 10, 2021, 12:39pm

Hi Amaresh,

Hope you are doing good.

Can you try by re-writing your request in the below format?

client.request.get(“https://domain.com/user/<%= iparam.password %>”).then(function(data) {
console.log(data);
}).catch(function(error) {
console.log(error)
});

Let me know if it doesn’t work.

Regards,
Mughela chandresh

system · February 8, 2022, 12:39pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.